I’ve been trying to test out the subnet router feature, since this will be critical for my org using TS to replace OpenVPN-AS. From the TS documentation, it says something along the lines of “no firewall configuration is needed, it’ll just work”. But I am only seeing subnet routing work when I disable the firewall. This is a default, minimal, fresh RHEL8 server. Followed the TS docs to the letter. But if I have the firewall active, any attempt to SSH to a machine on the subnet is immediately denied. If I disable the firewall and restart tailscale (on the subnet router) I can SSH (or RDP, HTTP, etc.) without a problem to machines on that subnet.
Since I have reread the docs many times, I’ve come here (and googled widely) looking for info. I’ve seen a bunch of posts that incidentally mention that they of course disable the firewall on their subnet router…like that’s just a given. What am I missing? I can’t keep the firewall disabled on the server in question, as a matter of policy, so I’d love some help on this.
Thanks!